
EUNIS 2017

Ed Stout was funded to attend this event as a 2017 UCISA bursary winner

During his EUNIS 2017 keynote ‘General Data Protection Regulation – Consequences for an IT Department’, Rainer W. Gerling, CISO of the Max Planck Society and Honorary Professor for IT Security in the Department of Computer Science and Mathematics at the Munich University of Applied Sciences, took us on a journey through the General Data Protection Regulation (GDPR), which will soon apply in full across the European Union. The European Commission tabled its initial proposal in January 2012, and by the end of 2015 the Commission, the Council and the European Parliament had reached agreement on the text, which was formally adopted in April 2016. Here in 2017 we are in the two-year transition period before the regulation applies from 25 May 2018… this leaves all of us with not a lot of time to get our houses in order!

Microsoft, in developing the Windows 10 operating system, now offers more than 50 native data protection settings under ‘Privacy Settings’; however, Rainer stressed that it is highly important that we in HE review these settings rather than leave them at their defaults.
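A practical way to act on that advice is to audit the settings rather than click through the Privacy pane by hand. The following PowerShell script is an added example, not something shown in the keynote and not Microsoft tooling. It reads a handful of documented Windows 10 privacy-related registry values (advertising ID, the diagnostic data policy level, tailored experiences, typing and inking data) and reports which are absent or still at a permissive value. The ‘Recommended’ values are this example's own data-minimising assumption, the list is deliberately short, and registry locations move between Windows releases, so verify each path against your own build before relying on the output.

```powershell
# Added example: audit a handful of Windows 10 privacy-related registry settings
# and report which are still at (or effectively at) their permissive defaults.
# The paths and value names are documented Windows 10 settings; the "Recommended"
# values are this example's data-minimising assumption, not a keynote or Microsoft
# prescription. The script is read-only: it changes nothing.

$checks = @(
    [pscustomobject]@{
        Setting     = 'Advertising ID for apps'
        Path        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
        Name        = 'Enabled'
        Recommended = 0          # 0 = apps may not use the advertising ID
        DefaultNote = 'absent or 1 = enabled'
    },
    [pscustomobject]@{
        Setting     = 'Diagnostic data (telemetry) level, machine policy'
        Path        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
        Name        = 'AllowTelemetry'
        Recommended = 1          # 1 = Basic; 0 = Security is only honoured on Enterprise/Education
        DefaultNote = 'absent = no policy set, the OS default level applies'
    },
    [pscustomobject]@{
        Setting     = 'Tailored experiences with diagnostic data'
        Path        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy'
        Name        = 'TailoredExperiencesWithDiagnosticDataEnabled'
        Recommended = 0
        DefaultNote = 'absent or 1 = enabled'
    },
    [pscustomobject]@{
        Setting     = 'Send typing and inking data to Microsoft'
        Path        = 'HKCU:\Software\Microsoft\Input\TIPC'
        Name        = 'Enabled'
        Recommended = 0
        DefaultNote = 'absent or 1 = enabled'
    }
)

function Get-PrivacySettingStatus {
    param([Parameter(Mandatory)] [pscustomobject] $Check)

    # Get-ItemProperty errors if the key or value is missing; treat that as "not configured".
    $item    = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.($Check.Name) } else { $null }

    $status = if ($null -eq $current)                 { 'NOT CONFIGURED' }
              elseif ($current -eq $Check.Recommended) { 'OK' }
              else                                     { 'REVIEW' }

    [pscustomobject]@{
        Setting     = $Check.Setting
        Current     = if ($null -eq $current) { "<absent: $($Check.DefaultNote)>" } else { $current }
        Recommended = $Check.Recommended
        Status      = $status
        Location    = "$($Check.Path)\$($Check.Name)"
    }
}

$results = $checks | ForEach-Object { Get-PrivacySettingStatus -Check $_ }
$results | Format-Table Setting, Current, Recommended, Status -AutoSize

# Non-zero exit if anything needs attention, so the audit can gate an imaging or compliance job.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

The HKCU entries describe only the user running the script; for a managed estate the equivalent controls would be pushed through Group Policy (the HKLM policy key above is one such), and the audit would then read the policy hive rather than per-user preferences.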

Given the serious nature of the fines, which for the most serious infringements can be as much as €20 million or 4% of annual worldwide turnover, whichever is higher, it is certainly worth taking the new legislation very, very seriously. Encryption is paramount: GDPR Article 32 names the pseudonymisation and encryption of personal data among the appropriate technical measures, to be chosen with regard to the ‘state of the art’. And what needs to be encrypted? Well, pretty much everything!

Technically, standards considered ‘state of the art’ remain so only for a limited lifespan as new and improved solutions are developed, as the keynote illustrated for cryptographic protocols. It is therefore important that we continually review our measures to ensure that we keep meeting the legislative requirements.

So what should we be doing now? We should be:

Contacting our data protection officers to discuss the implications of the legislation for our own institution’s technical configuration.

Acknowledging that meeting the legislative requirements is not simply the IT department’s responsibility but that of the University as a whole.

Documenting our technical measures in line with the ISO/IEC 27000 series.

Collaborating with other HE institutions.

And we should be…

Improving our technical measures, and accepting that ‘state of the art’ is a moving target.